How to set up your organisation on the Pillar platform
We know that an upcoming audit can be daunting, so we’ve pulled together a short guide to explain how to set up your organisation on Pillar, ahead of your SOC 2 audit.
Have a read, and if you have any other questions drop us a line!
Who is Sensiba?
Because SOC 2 reports need to be signed off by a CPA (which is effectively a US accountancy), Tempo works with Sensiba, who sign off on our reports. Tempo will still deliver the audit fully with our auditors and manage the relationship with you, as the client. Sensiba will then review, sign off and ultimately issue the report (as a co-branded report).
What is Pillar?
Pillar is the platform that Tempo and Sensiba use to deliver the audit. You'll need to provide evidence through the Pillar platform so that Tempo can review it and finalise our audit. This will allow Sensiba to sign off their report.
How do we access Pillar?
Your auditor will invite you to the Pillar platform and you will receive an automated email prompting you to set up your account. Use the link in the email to initiate the setup.
Once you click the link, you will be prompted to initiate a series of setup steps. This will include inputting your name and email address, verifying your email via a one-time code, setting up your password, and setting up multi-factor authentication.
Once the initial setup is complete, you will be redirected directly to Pillar’s home screen. This is where your audit board will appear once your auditor has created it for you.
You can now use the ‘My Team’ dashboard to set up the rest of your team members. Navigate to the ‘My Team’ screen and click ‘Invite New Users’. Each new user will be required to follow the same setup process as outlined in this section.
How do we use the Pillar Audit Board?
On the Pillar dashboard, the framework for your SOC 2 audit is set out through various cards. Each card is a control that you will need to provide evidence for. We ask that all evidence for each control is uploaded before the start of the audit.
Each control/card contains a description and an audit request. This will explain what Tempo (and Sensiba in their final sign-off) will be looking for, and consequently, the evidence that you need to upload.
To begin with, all controls will be under the “Control Gap” column for you to upload evidence to. As you complete this, you will move the controls to either the “Implemented” column (if you already have something implemented for a control) or the “Review” column, which triggers your auditor to come in and test the evidence for you. Once your auditor is happy with the evidence provided for the control, they will move it over to the “Accepted” column, meaning that the control is now complete. However, if your auditor has an audit query, they will place the control in the “Audit Query” column and write a query in the control itself so that it is clear what they are asking you for and where you should go and look for it.
For each control, there is also an “Activity Feed” section. This is where you, your auditor, your team and Sensiba can keep open communication throughout your audit. You can also easily assign controls to a specific person in your team, as well as set a due date for the task assigned.
We hope that the above section has been helpful, but we have also provided a link for you to watch a quick video outlining the above if you are still a bit unsure.
How does closing the audit work?
Once your audit is complete and a report is issued, your auditor will lock the audit board to prevent any further changes being made to the evidence submitted. Once this is done, you (as the client) will no longer be able to make edits to this audit board; however, you will still be able to access audit evidence as needed.
What else do I need to know before the audit?
We have also put together some Pre-Audit FAQs for your SOC 2 audit that you can check out here.
We hope this short guide helps you when setting up your organisation on Pillar, but if you have any more questions, just shout!